Unrated severityNVD Advisory· Published Jul 6, 2006· Updated Apr 16, 2026

CVE-2006-3376

Description

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

Affected products

Wvware/Libwmf
cpe:2.3:a:wvware:libwmf:0.2.8_.4:*:*:*:*:*:*:*
Wvware/Wv23 versions
cpe:2.3:a:wvware:wv2:0.2.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:wvware:wv2:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:wvware:wv2:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:wvware:wv2:0.2.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20921nvdVendor Advisory
rhn.redhat.com/errata/RHSA-2006-0597.htmlnvd
secunia.com/advisories/21064nvd
secunia.com/advisories/21261nvd
secunia.com/advisories/21419nvd
secunia.com/advisories/21459nvd
secunia.com/advisories/21473nvd
secunia.com/advisories/22311nvd
security.gentoo.org/glsa/glsa-200608-17.xmlnvd
securityreason.com/securityalert/1190nvd
securitytracker.com/idnvd
www.mandriva.com/security/advisoriesnvd
www.novell.com/linux/security/advisories/2006_19_sr.htmlnvd
www.securityfocus.com/archive/1/438803/100/0/threadednvd
www.securityfocus.com/bid/18751nvd
www.ubuntu.com/usn/usn-333-1nvd
www.vupen.com/english/advisories/2006/2646nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27516nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262nvd
www.debian.org/security/2006/dsa-1194nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000